Think about what happens when you expose an API directly on the internet. Anyone can call it without authentication, a malicious client can send thousands of requests per second, and clients from different teams demand different versions of the API. API Gateway handles all of these cross-cutting concerns outside your backend code. Authentication, throttling, caching, versioning, monitoring — instead of implementing each of these directly in every Lambda or server, you configure them declaratively at the API Gateway layer.
Behind the birth of API Gateway was the rapid spread of microservice architecture